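/// <summary>
/// Authenticates a user by e-mail and password and issues a JWT access token plus a refresh token.
/// </summary>
/// <param name="login">Credentials supplied in the request body.</param>
/// <returns>
/// 200 with a <see cref="LoginResponse"/> on success; 401 for a missing body, unknown e-mail or
/// wrong password (all three deliberately look the same); 500 for unexpected failures.
/// </returns>
[HttpPost("login"), AllowAnonymous]
public ActionResult User_Login([FromBody] Login login)
{
    // Reject a missing/incomplete body explicitly instead of letting it surface as a
    // NullReferenceException in the catch below.
    if (login == null || string.IsNullOrEmpty(login.Email) || string.IsNullOrEmpty(login.Password))
    {
        ErrorMessage error = new ErrorMessage("Invalid Credentials.", "Email or Password does not match.");
        return new UnauthorizedObjectResult(error);
    }

    try
    {
        // SingleOrDefault rather than Single: an unknown e-mail must produce the same 401 as a
        // wrong password, not a 500 whose message reveals that the account does not exist.
        User user = _context.Users.SingleOrDefault(a => a.Email == login.Email);

        // ValidatePassword compares the submitted password against the stored hash/salt.
        // NOTE(review): when user is null no hash is computed, so response time can still differ
        // from the wrong-password path; a dummy hash here would close that gap — confirm hash cost.
        if (user == null || !ValidatePassword(login.Password, user.Password))
        {
            ErrorMessage error = new ErrorMessage("Invalid Credentials.", "Email or Password does not match.");
            return new UnauthorizedObjectResult(error);
        }

        string jwtKey = _configuration.GetValue<string>("UserJwtTokenKey");
        string tokenString = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, jwtKey);
        RefreshToken refToken = HelperMethods.GenerateRefreshToken(user, _context);
        LoginResponse rtrn = new LoginResponse
        {
            ID = user.ID,
            AccessToken = tokenString,
            RefreshToken = new ReturnableRefreshToken(refToken),
        };

        // Commit the new refresh token before anything is written to the response, so the
        // client never holds a token the database does not know about.
        _context.SaveChanges();

        // Tokens also go out as cookies so browser clients do not have to read the body.
        HelperMethods.SetCookies(Response, tokenString, refToken);
        return new OkObjectResult(rtrn);
    }
    catch (Exception)
    {
        // Never echo the exception message: it can carry database or framework internals.
        // Log it server-side; the client only gets a generic failure.
        ErrorMessage error = new ErrorMessage("Error validating credentials", "An unexpected error occurred.");
        return new InternalServerErrorResult(error);
    }
}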
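/// <summary>
/// Authenticates a user whose e-mail is stored AES-encrypted, then issues a JWT access token
/// and a refresh token.
/// </summary>
/// <param name="login">Credentials supplied in the request body.</param>
/// <returns>
/// 200 with a <see cref="LoginResponse"/> on success; 401 for a missing body, unknown e-mail,
/// wrong password, or an unverified e-mail address.
/// </returns>
public ActionResult User_Login([FromBody] Login login)
{
    ErrorMessage invalid = new ErrorMessage("Invalid Credentials.", "Email or Password does not match.");

    // Guard the body up front; a null login would otherwise throw inside the query lambda.
    if (login == null || string.IsNullOrEmpty(login.Email) || string.IsNullOrEmpty(login.Password))
    {
        return new UnauthorizedObjectResult(invalid);
    }

    // Encrypt once, outside the query. The lookup compares ciphertext, which only works if
    // EncryptStringToBytes_Aes is deterministic for the same key/IV — assumed, not checked here.
    var encryptedEmail = HelperMethods.EncryptStringToBytes_Aes(login.Email, _keyAndIV);

    // SingleOrDefault: an unknown e-mail gets the same 401 as a wrong password instead of an
    // unhandled "Sequence contains no elements" exception (which also reveals account existence).
    User user = _context.Users.SingleOrDefault(a => a.Email.SequenceEqual(encryptedEmail));

    if (user == null || !ValidatePassword(login.Password, user.Password))
    {
        return new UnauthorizedObjectResult(invalid);
    }

    // Only tell the caller that the e-mail is unconfirmed once they have proven they hold the
    // password; checking this before the password would disclose which addresses are registered.
    if (!user.EmailVerified)
    {
        ErrorMessage error = new ErrorMessage("Email unconfirmed.", "Please confirm email first.");
        return new UnauthorizedObjectResult(error);
    }

    string jwtKey = _configuration.GetValue<string>("UserJwtTokenKey");
    string tokenString = HelperMethods.GenerateJWTAccessToken(user.ID, jwtKey);
    RefreshToken refToken = HelperMethods.GenerateRefreshToken(user, _context);
    LoginResponse rtrn = new LoginResponse
    {
        ID = user.ID,
        AccessToken = tokenString,
        RefreshToken = new ReturnableRefreshToken(refToken),
    };

    // Commit the new refresh token before the response (and its cookies) leave the server.
    _context.SaveChanges();

    HelperMethods.SetCookies(Response, tokenString, refToken);
    return new OkObjectResult(rtrn);
}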
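/// <summary>
/// Exchanges an access-token/refresh-token pair, supplied as the <c>AccessToken</c> and
/// <c>RefreshToken</c> request headers, for a freshly issued pair.
/// </summary>
/// <returns>
/// 200 with a new <see cref="LoginResponse"/>; 400 when either header is missing, when the access
/// token does not resolve to a user, or when the refresh token fails validation.
/// </returns>
public IActionResult Refresh()
{
    if (!Request.Headers.ContainsKey("AccessToken"))
    {
        ErrorMessage error = new ErrorMessage("Failed to refresh access", "User does not have the access token.");
        return new BadRequestObjectResult(error);
    }

    if (!Request.Headers.ContainsKey("RefreshToken"))
    {
        ErrorMessage error = new ErrorMessage("Failed to refresh access", "User does not have the refresh token.");
        return new BadRequestObjectResult(error);
    }

    string jwtKey = _configuration.GetValue<string>("UserJwtTokenKey");
    string apiUrl = _configuration.GetValue<string>("ApiUrl");
    string accessToken = Request.Headers["AccessToken"].ToString();
    string refreshToken = Request.Headers["RefreshToken"].ToString();

    // The account is resolved from the access token's claims.
    User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, jwtKey, apiUrl);

    // A token that resolves to no user and an invalid refresh token are reported identically, so the
    // response does not say which of the two failed. The null check also prevents a
    // NullReferenceException inside ValidateRefreshToken.
    if (user == null || !HelperMethods.ValidateRefreshToken(user, refreshToken, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid refresh token", "Refresh token could not be validated.");
        return new BadRequestObjectResult(error);
    }

    string newTokenStr = HelperMethods.GenerateJWTAccessToken(user.ID, jwtKey, apiUrl);
    RefreshToken newRefToken = HelperMethods.GenerateRefreshToken(user, _context, _keyAndIV);
    LoginResponse rtrn = new LoginResponse
    {
        ID = user.ID,
        AccessToken = newTokenStr,
        RefreshToken = new ReturnableRefreshToken(newRefToken, _keyAndIV),
    };

    // The login endpoint commits with SaveChanges after GenerateRefreshToken, which suggests the helper
    // only stages the token in the context; without this commit the client would be handed a refresh
    // token the database never stored. Harmless if the helper already saves.
    _context.SaveChanges();

    return new OkObjectResult(rtrn);
}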
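/// <summary>
/// Exchanges the access/refresh token pair carried in cookies for a freshly issued pair and
/// re-sets the cookies on the response.
/// </summary>
/// <returns>
/// 200 with a new <see cref="LoginResponse"/>; 401 when the tokens cannot be validated;
/// 500 for unexpected failures.
/// </returns>
public IActionResult Refresh()
{
    try
    {
        string jwtKey = _configuration.GetValue<string>("UserJwtTokenKey");

        // Prefer the SameSite cookie, falling back to the cross-site variant.
        string accessToken = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
        string refreshToken = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

        // The account is resolved from the access token's claims; a null result is treated the same
        // as an invalid refresh token so the caller cannot tell which check failed.
        User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, jwtKey);
        if (user == null || !HelperMethods.ValidateRefreshToken(user, refreshToken))
        {
            throw new SecurityTokenException("Invalid refresh token!");
        }

        string newTokenStr = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, jwtKey);
        RefreshToken newRefToken = HelperMethods.GenerateRefreshToken(user, _context);
        LoginResponse rtrn = new LoginResponse
        {
            ID = user.ID,
            AccessToken = newTokenStr,
            RefreshToken = new ReturnableRefreshToken(newRefToken),
        };

        // The login endpoint commits with SaveChanges after GenerateRefreshToken, which suggests the
        // helper only stages the token; commit here too so the issued refresh token is persisted.
        _context.SaveChanges();

        HelperMethods.SetCookies(Response, newTokenStr, newRefToken);
        return new OkObjectResult(rtrn);
    }
    catch (SecurityTokenException)
    {
        // A bad token is an authentication failure on the client's side, not a server fault:
        // previously this fell into the generic handler and came back as a 500.
        ErrorMessage error = new ErrorMessage("Error refreshing access.", "Refresh token could not be validated.");
        return new UnauthorizedObjectResult(error);
    }
    catch (Exception)
    {
        // Do not echo ex.Message to the client; log it server-side instead.
        ErrorMessage error = new ErrorMessage("Error refreshing access.", "An unexpected error occurred.");
        return new InternalServerErrorResult(error);
    }
}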
/// <summary>
/// Refreshes the caller's session from the access/refresh token cookies, persists the new refresh
/// token, re-sets the cookies and returns the serialized login response.
/// </summary>
/// <returns>The string produced by <c>HelperMethods.GenerateLoginResponse</c>.</returns>
public string Refresh()
{
    string jwtKey = _configuration.GetValue<string>("JwtTokenKey");

    // SameSite cookie first, cross-site variant as fallback.
    string accessCookie = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
    string refreshCookie = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

    // Resolve the account from the access token's claims, then confirm the refresh token belongs to it.
    User user = HelperMethods.GetUserFromAccessToken(accessCookie, _context, jwtKey);
    ValidateRefreshToken(user, refreshCookie);

    string newAccessToken = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, jwtKey);
    RefreshToken newRefreshToken = HelperMethods.GenerateRefreshToken(user, _context);
    string responseBody = HelperMethods.GenerateLoginResponse(newAccessToken, newRefreshToken, user.ID);

    // Commit the new refresh token before the response (and its cookies) leave the server.
    _context.SaveChanges();
    HelperMethods.SetCookies(Response, newAccessToken, newRefreshToken);

    return responseBody;
}
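/// <summary>
/// Exchanges the access/refresh token pair carried in cookies for a freshly issued pair and
/// re-sets the cookies on the response.
/// </summary>
/// <returns>
/// 200 with a new <see cref="LoginResponse"/>; 400 when the access token does not resolve to a
/// user or the refresh token fails validation.
/// </returns>
public IActionResult Refresh()
{
    string jwtKey = _configuration.GetValue<string>("UserJwtTokenKey");

    // Prefer the SameSite cookie, falling back to the cross-site variant.
    string accessToken = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
    string refreshToken = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

    // The account is resolved from the access token's claims.
    User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, jwtKey);

    // A token that resolves to no user and an invalid refresh token are reported identically, so the
    // response does not say which check failed; the null check also keeps ValidateRefreshToken from
    // throwing on a null user.
    if (user == null || !HelperMethods.ValidateRefreshToken(user, refreshToken))
    {
        ErrorMessage error = new ErrorMessage("Invalid refresh token", "Refresh token could not be validated.");
        return new BadRequestObjectResult(error);
    }

    string newTokenStr = HelperMethods.GenerateJWTAccessToken(user.ID, jwtKey);
    RefreshToken newRefToken = HelperMethods.GenerateRefreshToken(user, _context);
    LoginResponse rtrn = new LoginResponse
    {
        ID = user.ID,
        AccessToken = newTokenStr,
        RefreshToken = new ReturnableRefreshToken(newRefToken),
    };

    // The login endpoint commits with SaveChanges after GenerateRefreshToken, which suggests the helper
    // only stages the token; commit here too so the issued refresh token is actually persisted.
    _context.SaveChanges();

    HelperMethods.SetCookies(Response, newTokenStr, newRefToken);
    return new OkObjectResult(rtrn);
}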
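/// <summary>
/// Authenticates a user from a JSON body of the form <c>{"email": ..., "password": ...}</c> and
/// returns the serialized login response.
/// </summary>
/// <param name="credentials">Raw JSON request body.</param>
/// <returns>
/// The login response JSON on success; otherwise an <see cref="ErrorMessage"/> serialized as JSON with
/// <c>Response.StatusCode</c> set to 400 (malformed or incomplete JSON), 401 (bad credentials) or 500.
/// </returns>
[HttpPost("login"), AllowAnonymous]
public string User_Login([FromBody] string credentials)
{
    // The raw body contains the password, so it must never be echoed back in an error response.
    const string redacted = "[credentials omitted]";

    JObject json;
    try
    {
        json = JObject.Parse(credentials);
    }
    catch (Exception)
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", redacted, "Request body is not valid JSON.");
        return JObject.FromObject(error).ToString();
    }

    // A missing field used to surface as a NullReferenceException and a 500; reject it up front.
    // Reading the values into locals also keeps the query lambda free of client-side JSON access.
    string email = json["email"]?.ToString();
    string password = json["password"]?.ToString();
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", redacted, "Both 'email' and 'password' are required.");
        return JObject.FromObject(error).ToString();
    }

    try
    {
        // SingleOrDefault: an unknown e-mail must get the same 401 as a wrong password, not a 500
        // whose message reveals that the account does not exist.
        User user = _context.Users.SingleOrDefault(a => a.Email == email);

        if (user == null || !ValidatePassword(password, user.Password))
        {
            Response.StatusCode = 401;
            ErrorMessage error = new ErrorMessage("Invalid Credentials", redacted, "Email or Password does not match.");
            return JObject.FromObject(error).ToString();
        }

        string jwtKey = _configuration.GetValue<string>("JwtTokenKey");
        string tokenString = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, jwtKey);
        RefreshToken refToken = HelperMethods.GenerateRefreshToken(user, _context);
        string ret = HelperMethods.GenerateLoginResponse(tokenString, refToken, user.ID);

        // Commit the new refresh token before the response (and its cookies) leave the server.
        _context.SaveChanges();

        HelperMethods.SetCookies(Response, tokenString, refToken);
        return ret;
    }
    catch (Exception)
    {
        // Never echo the exception message; log it server-side and return a generic failure.
        Response.StatusCode = 500;
        ErrorMessage error = new ErrorMessage("Error validating credentials", redacted, "An unexpected error occurred.");
        return JObject.FromObject(error).ToString();
    }
}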